Security

Has anyone successfully gotten 802.1X/PEAP working with an Apple TV? The latest firmware supports it, but requires you to pre-load a profile on the device, and Apple's knowledge base aritcle doesn't seem to get it working.

So I learned a little tip about apple TV and 802.1x yesterday at the airheads conference. The apple Tv does not have an internal clock therefore cannot check the valid dates on the certificate. Try setting the date and time on the apple TV and see if that works.

So, this is a tricky situation.  Apple TV is setup to connect to a 802.1x network, but can't connect to it without a valid certificate.  The certificate cannot be validated without a correct time (via NTP).  It cannot connect to ntp without a valid network connection.  And it can't connect to the 802.1x network without a valid certificate!

 

Talk about Catch-22!

 

Is there a way to setup an SSID for Apple TV's only to connect to.  Have this SSID have a pre-authenticated vlan setup and then authenticate via 802.1x after a valid certificate is established (via a time set on the Apple TV from NTP?

It's been a while since I configured an Apple TV, but can't you set the time manually on the device in it's setup?  If so, it should be able to validate the certificate then.

You cannot, you must go through an NTP server from what I've found.

Hi Guys

 

Has anybody found an answer to this yet. I have about 40 apple tv's at a school and need to find a solution.

 

 

Trav,

 

We created a new hidden SSID.  We assigned a WPA2 pre-shared key to it, and the Apple TV's connect to this just fine.

 

We put the SSID into the same VLAN pool as our WPA2-Enterprise.

 

If they happen to get the same VLAN assignment it works.  If they don't, it doesn't.  Enabling Airgroup fixes that, but you can then also see all of the other Apple TV's at each other location (the list is way too long, and it doesn't show all of them).  I have an open ticket with support, and another post detailing this out at:

 

http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/6-1-3-6-Airgroup-HOWTO-Limit-Airplay-per-vlan-pool/td-p/95332

Thanks very much.

 

I ended up creating the suggested SSID with a psk. I do beleive that apple is about to release its new iOS 7 software for apple tv which is rumoured to fix the time and certificate issue.

 

So hopefully in a week or two we will have a fix.

Couldn't you also just wire the device into the LAN during setup?  Set the clock, then attach it to the PEAP ssid?

You can do but if the device looses power it does not have a battery backup for the date and time. Therefore everytime the device restarts it has to re set the date and time. Hence the problem. The easiest s to create a hidden ssid with a psk.

Hey guys here's an update on the clock fix with the Apple Tv ..

 

http://community.arubanetworks.com/t5/Technology-Blog/Apple-TV-EAP-PEAP-Configuration-Clock-Fix/ba-p/143391

 

 

Unfortuntately I don't think the solution is going to come with software. The current hardware does not include a battery for the internal clock. Until they include that, I think we will continue to see issues getting them joined to 1x networks.